AV vendors shun MS bounty hunters

Blazing Saddles


Anti-virus vendors are resisting any involvement in Microsoft's scheme to offer rewards for the arrest and conviction of virus writers.

This week Microsoft placed two $250,000 bounties on the heads of the virus authors responsible for unleashing the infamous Sobig and Blaster worms this summer. The application of Wild West-style rewards on computer crimes is part of a wider Anti-Virus Reward Program, initially funded with $5 million from Microsoft.

Thus far this is a Microsoft-only initiative, but Redmond is encouraging "other corporations to consider ways to partner with law enforcement in deterring this illegal and destructive activity".

Once Upon a Time on the Net

So are anti-virus vendors (never shy of praising law enforcement when virus writers are convicted) willing to join Sheriff Steve Ballmer's anti-virus posse?

The answer would appear to be that, rather like the citizens in High Noon, AV vendors are sitting this one out.

Sophos said it had "no plans" to offer financial rewards for information leading to the arrest of virus writers. Symantec declined to comment. Network Associates and MessageLabs both welcomed Microsoft’s initiative but neither expressed any desire to become more closely involved.

Paul Wood, chief information security analyst at MessageLabs, said he welcomed Microsoft’s initiative as a way of deterring virus writers.

Microsoft was motivated in launching the initiative by the adverse publicity generated by recent viral outbreaks which has "damaged its credibility", he said. "Microsoft has to be seen doing something."

Microsoft has a clear financial incentive for making things difficult for virus writers, but the AV vendors have no such motivation. High-profile viruses stimulate AV software sales, particularly to consumers, despite the increasingly apparent shortcomings of the AV scanner model.

The Good, the Bad and the Ugly

Leaving aside arguments about the possible effectiveness of Microsoft's program, MessageLabs' Wood agrees that it is hard to imagine the AV industry getting rid of a problem it was created to solve.

Doubtless, the vast majority of participants in the AV industry mean well, and we've never bought into the urban myth that AV companies are in any way involved in writing viruses, but we question their incentives to introduce technologies that clamp down on viral outbreaks.

David Emm, AVERT marketing manager at McAfee Security, said that technical researchers at AV firms have to go without sleep during viral outbreaks.

Maybe that's part of the problem. From years of experience we'd note that we never speak to happier people in the IT industry than AV marketing folk in the middle of a viral epidemic.

McAfee's Emm makes a decent fist of arguing that AV technology has come on in leaps and bounds in recent years (better management, heuristics etc.); even so, the security crisis is getting worse. To Network Associate's credit, the firm is revisiting the concept of behaviour blocking- technology. This, along with scanning for viruses on the Net before they reach users' in-boxes, seems to represent the best way forward.

"Behaviour analysis has come on leaps and bounds, so that it's no longer a burden on user. User desktops can be tied down by an admin more effectively using more sophisticated tools than we had ten years ago," Emm told El Reg.

Unforgiven

Back to Microsoft’s bounty on virus writers, Emm reckond it id too early to say if it will be effective.

"It hard to say whether virus writers would have scruples about dobbing in [informing on] a friend. Lack of scruples it one area doesn't always translate into another area," he said.

"But I think it will make virus authors more careful about bragging about their exploits. There's kudos to creating viruses in certain circles and Microsoft's reward might make people think twice about sounding off," said Emm.

Against this, Emm noted that the authors of Sobig and Blaster have kept a much lower profile than traditional virus authors.

A Fistful of Dollars

Emm reckons that the funding of Microsoft’s initiative with $5 million is evidence of its serious intent. "It's a lot of money for a simple publicity stunt," he said.

The bounty might "oil the wheels" of the criminal justice system, Emm said. Although he predicts increased co-operation between participants in the AV community and the police, Emm detects little willingness in the AV community as a whole that this will "translate further along to bounties and rewards". ®


Other stories you might like

  • North Korea pulled in $400m in cryptocurrency heists last year – report

    Plus: FIFA 22 players lose their identity and Texas gets phony QR codes

    In brief Thieves operating for the North Korean government made off with almost $400m in digicash last year in a concerted attack to steal and launder as much currency as they could.

    A report from blockchain biz Chainalysis found that attackers were going after investment houses and currency exchanges in a bid to purloin funds and send them back to the Glorious Leader's coffers. They then use mixing software to make masses of micropayments to new wallets, before consolidating them all again into a new account and moving the funds.

    Bitcoin used to be a top target but Ether is now the most stolen currency, say the researchers, accounting for 58 per cent of the funds filched. Bitcoin accounted for just 20 per cent, a fall of more than 50 per cent since 2019 - although part of the reason might be that they are now so valuable people are taking more care with them.

    Continue reading
  • Tesla Full Self-Driving videos prompt California's DMV to rethink policy on accidents

    Plus: AI systems can identify different chess players by their moves and more

    In brief California’s Department of Motor Vehicles said it’s “revisiting” its opinion of whether Tesla’s so-called Full Self-Driving feature needs more oversight after a series of videos demonstrate how the technology can be dangerous.

    “Recent software updates, videos showing dangerous use of that technology, open investigations by the National Highway Traffic Safety Administration, and the opinions of other experts in this space,” have made the DMV think twice about Tesla, according to a letter sent to California’s Senator Lena Gonzalez (D-Long Beach), chair of the Senate’s transportation committee, and first reported by the LA Times.

    Tesla isn’t required to report the number of crashes to California’s DMV unlike other self-driving car companies like Waymo or Cruise because it operates at lower levels of autonomy and requires human supervision. But that may change after videos like drivers having to take over to avoid accidentally swerving into pedestrians crossing the road or failing to detect a truck in the middle of the road continue circulating.

    Continue reading
  • Alien life on Super-Earth can survive longer than us due to long-lasting protection from cosmic rays

    Laser experiments show their magnetic fields shielding their surfaces from radiation last longer

    Life on Super-Earths may have more time to develop and evolve, thanks to their long-lasting magnetic fields protecting them against harmful cosmic rays, according to new research published in Science.

    Space is a hazardous environment. Streams of charged particles traveling at very close to the speed of light, ejected from stars and distant galaxies, bombard planets. The intense radiation can strip atmospheres and cause oceans on planetary surfaces to dry up over time, leaving them arid and incapable of supporting habitable life. Cosmic rays, however, are deflected away from Earth, however, since it’s shielded by its magnetic field.

    Now, a team of researchers led by the Lawrence Livermore National Laboratory (LLNL) believe that Super-Earths - planets that are more massive than Earth but less than Neptune - may have magnetic fields too. Their defensive bubbles, in fact, are estimated to stay intact for longer than the one around Earth, meaning life on their surfaces will have more time to develop and survive.

    Continue reading

Biting the hand that feeds IT © 1998–2022